Content Filter - Chrome/Edge v92
there are some sites included in our CFS URI list that are suddenly inaccessible after updating a few machines to version 92 of Google Chrome and Microsoft Edge.
On one hand I know CFS works because I can remove a site that has been whitelisted (previously inaccessible) and it becomes blocked, but if I put that site back on the URI list it is accessible again. But some sites are inaccessible, even if they were previously accessible while on the URI list, in Chrome and Edge.
I mention those two browsers specifically because if I try to access those same sites (that are blocked) in Internet Explorer, they work fine. Since we've begun migrating our users to other web browsers, it wouldn't be advisable to just have them use IE - just strange those sites work there and not Chrome/Edge.
I am also facing the same issue on Gen5 unit & not yet reported on Gen 6 devices. We changed chrome to Firefox the issue disappear.
I have the same issue. Firefox and IE (tho trust me I don't want to use IE anymore) load the same sites just fine. It is just an issue with Edge and Chrome. I am not sure what happened. I opened a case but they only collected stuff for their "lab" environment to test. :(
If you notice on the logs, the CFS traffic being blocked is always an IP address (never shows DNS names) and it's from WAN to LAN cfs traffic, tho we have no policies blocking such.
the issue started with Chrome/edge 92, the issue seems to be that site like amazon, amex etc. all have numerus IP's and sometimes the replying IP is not the same as the incoming and the filter doesn't associate it with the whitelisted domain.
Allowing the "Not Rated" Category seams to alleviate must problems, it 's temp fix until sonicwall gets their act together.
Unfortunately in my environment I simply cannot allow "Unrated" through the CFS. Firefox also seems to help at the moment.
Support basically said that since there's a work around it's not a major issue at the moment, but that they will work on a fix. The timing is quite bad at the moment since we just deployed Microsoft Edge as the "browser" to move from IE. So now I have to tell everyone to switch to Firefox temporarily? I'll deal, but you know how users LOVE change, you can imagine how the Edge change went for a few people.
That is great information to know, I noticed something similar. Any idea why Firefox/IE would work fine but not Chromium based browsers?
If you think this is going to be a problem SonicWall will take a long time to identify and fix, my suggestion is to use a "belt and suspenders approach" to resolving this. There is a company call Isoolate with a similarly named browser extension that provides internet security that you can fine tune along the same lines as CFS. You can use (and they prefer you do) GPOs to deploy it in AD environments to Chrome and Edge. The high-end edition also covers a client's tablets and phones. I plan to start a PoC for my client base next week.
Please put a link to the company that you are referring to, since searching the terms call Isoolate.
however this is unacceptable that sonicwall hasn't fix this by now!!
they charge good money and it doesn't work
everyone should open numerus calls about until they get their sh* together :
I got an email today about a possible hotfix, but it is based on 18.104.22.168, so I will update my firewalls soon since I am on 22.214.171.124 and hopefully that fixes the issue.